General
-
Target
0803c21104a02be4c611f0f2d7fc8e4b_JaffaCakes118
-
Size
792KB
-
Sample
240429-s4pk6seb73
-
MD5
0803c21104a02be4c611f0f2d7fc8e4b
-
SHA1
798ceb3ef93a9b783f7b11b0259e0fa5b5933fd8
-
SHA256
fb237b7fc75cec8180f4d853c44911dc0dbdb705be39c3e6f1f2a523b79ff9d5
-
SHA512
4d8d496ff8c2b31595250b90cac608984b6d2c5042fbb9a616c3cee861fccc5b13abd34c1fd107c0885f8232d9d4e2be891e200793ecf402ebb27420b5234412
-
SSDEEP
12288:XZpA9Ou/46Dn2eQtP4quUCeWx0aA8xfuMYn1pdT1TeHBSs82h18LE3a8pXC8luSb:XfE/ytHuO8ZxfczxqbHCE/out
Static task
static1
Behavioral task
behavioral1
Sample
0803c21104a02be4c611f0f2d7fc8e4b_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
0803c21104a02be4c611f0f2d7fc8e4b_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://u0417398.cp.regruhosting.ru/masonspath/logs/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0803c21104a02be4c611f0f2d7fc8e4b_JaffaCakes118
-
Size
792KB
-
MD5
0803c21104a02be4c611f0f2d7fc8e4b
-
SHA1
798ceb3ef93a9b783f7b11b0259e0fa5b5933fd8
-
SHA256
fb237b7fc75cec8180f4d853c44911dc0dbdb705be39c3e6f1f2a523b79ff9d5
-
SHA512
4d8d496ff8c2b31595250b90cac608984b6d2c5042fbb9a616c3cee861fccc5b13abd34c1fd107c0885f8232d9d4e2be891e200793ecf402ebb27420b5234412
-
SSDEEP
12288:XZpA9Ou/46Dn2eQtP4quUCeWx0aA8xfuMYn1pdT1TeHBSs82h18LE3a8pXC8luSb:XfE/ytHuO8ZxfczxqbHCE/out
Score10/10-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-